A network of computing devices can function as a “breeding ground” for malicious computer software. Specifically, the interconnections provided among the computing devices in a network provide pathways that can be exploited by malicious software to enable it to perform malicious actions or copy itself to other computing devices. For example, malicious software commonly known as “computer viruses” can spread from one networked computing device to the other computing devices in the network via email transmissions or file transfers across the network. Similarly, malicious software commonly known as a “computer worm” can spread from one networked computing device to the other computing devices in the network via communications through network ports that are not secured, or via communications that generate an anomalous computing situation that has not yet been fixed.
One traditional mechanism for preventing the spread of malicious software, and for inhibiting the malicious actions performed by such software, is software designed to detect and remove malicious software, which is commonly known as “anti-malware” software. Another traditional mechanism for preventing the spread of malicious software and inhibiting its actions is the use of network admission limits that can prevent computing devices from connecting to the network if they do not meet some minimum specified criteria. These traditional mechanisms can be combined by, for example, limiting access to the network to only those computing devices that comprise at least some threshold level of anti-malware software.
Network admission criteria can be based on the “health” of a computing device. The health of a computing device can be based on the ability of the computing device to protect itself against malicious software. For example, the presence of anti-malware software on the computing device can be considered to increase the health of the device. Similarly, a computing device can be considered healthy when its installed software has been properly upgraded to include updates that eliminate mechanisms previously susceptible for exploitation by malicious software. Thus, network admission criteria can include, not only the requirement of current anti-malware software, but can likewise require the presence of known software updates.